HOWTO: reverse proxy with nginx and ssl with certbot

Let’s assume that you want to add an ssl certificate with certbot for your subdomain:
(replace with the desired subdomain)

Prerequisites: nginx

First, edit the following reverse-proxy


and add the following new server

listen 80;

Run certbot and follow the instructions:

sudo certbot --nginx

For reverse proxy, add the following location to the newly created “server” by certbot.
Change PORT and accordingly.

server {

location / {
proxy_read_timeout      300;
proxy_connect_timeout   300;
proxy_redirect          off;

proxy_set_header        X-Forwarded-Proto $scheme;
proxy_set_header        Host              $http_host;
proxy_set_header        X-Real-IP         $remote_addr;
proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


restart ngninx:

systemctl restart nginx

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.